If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

php programming practices

Hi all!

I have created my own content management system from scratch pretty much and I really need to clean the code up and organize it better because there is so much php code everywhere but I don't really know good practices of php programming because I taught myself. Do I initialize all the session variables that I need all at once or do I make individual queries to sql? Also should I initialize these right after session_start() or should I do some checks first? If anyone has any other securing or coding tips for a budding young php programmer that would be appreciated.

Thanks!

I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey

I have done my best to search and learn from the internet but alas, there are those times for everyone where they need to ask someone for help and I am here...

I know what to search for when I want to Program Secure PHP but I want to learn is good practices to make php run as smoothly as possible with as little holes/bugs as possible. This I haven't been able to find thus far on my own... I have done my searching and bought my books on php and they do suggest good practices, but not anywhere near the scope of a complex CMS. I started basic with the logon script and blah but ended up with a site that is damn near 100% dynamic. It has user definable and creatable skins, a forum, a video/music/art gallery, web designs, tutorials, and more. This site is going to have a tutorial for everything I put in it because I want others to learn what I learned. On top of that, I plan on being able to have some sort of web design business that goes with it.

This site has been a project for at least a year for me. I wrote every bit of code myself since the help of a couple of tutorials a year ago and I would like to protect it from getting defaced by some punk hackers showing off to their friends, or more seriously, stealing future users info. I know that AO has already gone over this many times but I would like to get advice from people here like I would when I ask my teachers. My current problem is not necessarily securing it yet, but cleaning it up and that starts from line 2 of the header.inc file which is the session_start(), and that gives me a lot of code to clean up. I have already done my best to avoid sql injection, bad use of variables, etc. But how do I know it is alright without being able to pay someone to secure and clean it up for me?

AO is the only place I ever come to when I have questions because I know that there are very experienced people here that know much more than I do and I would like to learn from that. I'm sorry if this is a rant but I want my site to be as good as possible when I finally gets a good host to live in.

I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey

Well seeing as you are almost done with the coding it will take alot longer to put into place good practices than doing it right the first time. Just remember the famous "//" marks if you comment everything it will be the best thing you can do for yourself and the help or anyone that uses the system. I would hope that you would be trying to distribute it freely if it is truly something great. But I would not help you unless you read so here is a great site for php information. and it should help you on your quest.

I hope you find what you are looking for and make sure next time you start the practices at the beginning or a variable change can cause a huge headache.